Cybersecurity researchers have disclosed two serious security flaws in the n8n workflow automation platform that could allow authenticated attackers to achieve remote code execution (RCE) and potentially take full control of affected environments.
The vulnerabilities were discovered by the JFrog Security Research team and impact n8n’s sandboxing mechanisms for both JavaScript and Python execution. Given n8n’s deep integration across enterprise automation workflows, the risks associated with exploitation are considered significant.
Details of the Vulnerabilities
The two flaws have been assigned the following CVE identifiers:
- CVE-2026-1470 (CVSS 9.9)
  This vulnerability stems from an eval injection issue that allows an authenticated user to bypass n8n’s Expression sandbox. By supplying specially crafted JavaScript, an attacker can execute arbitrary code directly on n8n’s main node, resulting in full remote code execution.
- CVE-2026-0863 (CVSS 8.5)
  This flaw also involves eval injection and enables an authenticated user to escape the python-task-executor sandbox, allowing arbitrary Python code execution on the underlying operating system.
According to JFrog, successful exploitation of either vulnerability could allow an attacker to fully compromise an n8n instance, even when the platform is running in its so-called internal execution mode.
n8n itself has previously warned that using internal mode in production environments increases security risk, recommending external execution mode to ensure stronger isolation between the core platform and task runner processes.
Enterprise Impact and Risk
“As n8n automates workflows across entire organizations, it often has access to highly sensitive systems and data,” JFrog explained. These can include large language model APIs, internal IAM systems, sales platforms, and infrastructure tooling.
As a result, a successful sandbox escape effectively grants an attacker a single access point to critical enterprise assets, functioning as what researchers described as a “skeleton key” to corporate environments.
Security Updates and Mitigation
Users are strongly advised to update to patched versions immediately. The recommended versions are:
- For CVE-2026-1470
  Versions 1.123.17, 2.4.5, or 2.5.1
- For CVE-2026-0863
  Versions 1.123.14, 2.3.5, or 2.4.2
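Because the fixes are spread across several release lines (1.123.x, 2.3.x, 2.4.x and 2.5.x), a simple "is my version at least X" test is not enough. The following is an added example, not code from n8n or JFrog: it checks an installed n8n version against the fixed versions listed above for each CVE, and also records whether task runners are in the external mode n8n recommends. The fixed versions come from this article; the N8N_RUNNERS_MODE setting name is assumed from n8n's documentation, and the rule that a release line newer than every listed fixed line includes the fix is an assumption.

```python
"""Added example (not n8n's own code): assess an n8n instance against the
fixed versions published for CVE-2026-1470 and CVE-2026-0863."""
import os
import re
from typing import Dict, List, Optional, Tuple

# Fixed versions exactly as listed in the advisory summary above.
FIXED_VERSIONS: Dict[str, List[str]] = {
    "CVE-2026-1470": ["1.123.17", "2.4.5", "2.5.1"],
    "CVE-2026-0863": ["1.123.14", "2.3.5", "2.4.2"],
}

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR.PATCH'; a leading 'v' and a trailing suffix are tolerated."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"not a semantic version: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_patched(installed: str, cve: str) -> Optional[bool]:
    """True if `installed` carries the fix for `cve`, False if it is older than
    the fix on its own release line, None when the release line (e.g. 2.2.x)
    is not covered by the published fixed versions; treat None as unpatched
    until confirmed with the vendor."""
    v = parse_version(installed)
    fixes = [parse_version(f) for f in FIXED_VERSIONS[cve]]
    same_line = [f for f in fixes if f[:2] == v[:2]]
    if same_line:
        return v >= min(same_line)
    # Assumption: a release line newer than every listed fixed line ships the fix.
    newest_line = max(f[:2] for f in fixes)
    if v[:2] > newest_line:
        return True
    return None


def assess(installed: str, runners_mode: Optional[str] = None) -> Dict[str, object]:
    """Summarise one instance. `runners_mode` is the value of N8N_RUNNERS_MODE
    (setting name assumed from n8n docs): 'internal' or 'external'."""
    labels = {True: "patched", False: "vulnerable", None: "unknown release line"}
    report: Dict[str, object] = {"version": installed}
    for cve in FIXED_VERSIONS:
        report[cve] = labels[is_patched(installed, cve)]
    # Patching is the fix: the article notes exploitation works even in internal
    # mode. External mode is the extra isolation n8n recommends on top of that.
    report["runners_external"] = runners_mode == "external"
    report["needs_update"] = any(report[c] != "patched" for c in FIXED_VERSIONS)
    return report


if __name__ == "__main__":
    # Constructed sample defaults; override with the real values in the environment.
    version = os.environ.get("N8N_VERSION", "2.4.3")
    mode = os.environ.get("N8N_RUNNERS_MODE", "internal")
    for key, value in assess(version, mode).items():
        print(f"{key}: {value}")
```

Running it with the sample default 2.4.3 reports CVE-2026-0863 as patched (2.4.2 or later) but CVE-2026-1470 as vulnerable (2.4.5 required), which is exactly the split a single threshold check would miss.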
Broader Security Context
The disclosure follows closely after another critical n8n vulnerability, CVE-2026-21858, also known as Ni8mare. That flaw allows unauthenticated attackers to fully compromise vulnerable n8n instances. As of January 27, 2026, more than 39,000 instances were still exposed, according to data from the Shadowserver Foundation.
JFrog researcher Nathan Nehorai noted that these issues highlight the broader difficulty of securely sandboxing dynamic languages like JavaScript and Python.
“Even with multiple validation layers, deny lists, and AST-based controls, subtle language behaviors and rarely used constructs can be abused to bypass security assumptions,” he said. “In this case, small gaps in interpreter behavior were enough to enable full remote code execution.”